CVE-2015-1257

Google Chrome <43.0.2357.65 - DoS

Title source: llm
STIX 2.1

Description

platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document.

References (10)

Core 10
Core References
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201506-04
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032375
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3267
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74723

Scores

EPSS 0.0162
EPSS Percentile 73.2%

Details

CWE
CWE-119
Status published
Products (2)
debian/debian_linux 8.0
google/chrome < 42.0.2311.152
Published May 20, 2015
Tracked Since Feb 18, 2026